package org.apache.syncope.sra.filters;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.SslInfo;

/* loaded from: input_file:org/apache/syncope/sra/filters/ClientCertsToRequestHeaderFilterFactory.class */
public class ClientCertsToRequestHeaderFilterFactory extends AbstractGatewayFilterFactory<AbstractGatewayFilterFactory.NameConfig> {
    private static final Logger LOG = LoggerFactory.getLogger(ClientCertsToRequestHeaderFilterFactory.class);

    public ClientCertsToRequestHeaderFilterFactory() {
        super(AbstractGatewayFilterFactory.NameConfig.class);
    }

    public GatewayFilter apply(AbstractGatewayFilterFactory.NameConfig nameConfig) {
        return (serverWebExchange, gatewayFilterChain) -> {
            ServerHttpRequest serverHttpRequest;
            ServerHttpRequest request = serverWebExchange.getRequest();
            if (request.getSslInfo() == null || !ArrayUtils.isNotEmpty(request.getSslInfo().getPeerCertificates())) {
                serverHttpRequest = request;
            } else {
                LOG.debug("Client certificates found in original request: {}", Integer.valueOf(request.getSslInfo().getPeerCertificates().length));
                ArrayList arrayList = new ArrayList();
                for (X509Certificate x509Certificate : request.getSslInfo().getPeerCertificates()) {
                    try {
                        arrayList.add(Base64.getEncoder().encodeToString(x509Certificate.getEncoded()));
                    } catch (CertificateEncodingException e) {
                        LOG.error("Could not encode one of client certificates", e);
                    }
                }
                serverHttpRequest = request.mutate().headers(httpHeaders -> {
                    httpHeaders.addAll(nameConfig.getName(), arrayList);
                }).sslInfo((SslInfo) null).build();
            }
            return gatewayFilterChain.filter(serverWebExchange.mutate().request(serverHttpRequest).build());
        };
    }
}
